使用Nsclient从VBS脚本运行exe时出现问题

时间:2017-11-22 15:59:58

标签: authentication dll vbscript intel

我已经为intel cpu漏洞编写了一个vbs脚本,当我从命令行手动运行或双击它时,它运行完全正常。 我们在所有服务器上都有一个NSClient / git infra,nagios使用它来创建检查,我试图在命令提示符下使用NSClient ++。exe来执行这个脚本。但是,当我使用NSClient运行该文件时,它无法创建日志文件(SA-00086 - )。

这是来自nsc.ini的我的NSClient命令:

intel_cpu_vulnerability=C:\Windows\system32\cscript.exe //NoLogo //T:60 C:\WINDOWS\NSClient\scripts\DiscoveryTool\cpu-unsafe.vbs

这是我的cpu-unsafe.vbs脚本:

' VB SCript to find the Intel Processor vulnerability.
Dim Maindir, objFSO, oFile, Executable, Vulnerable, NotVulnerable, objTextFile, Readme, VStatus, StatusLine, strLine

Const ForReading = 1
Maindir = "c:\Windows\nsclient\scripts\DiscoveryTool"
Executable = "Intel-SA-00086-console.exe"
Vulnerable = "Status: This system is vulnerable."
NotVulnerable = "Status: This system is not vulnerable."
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set WshShell = WScript.CreateObject("WScript.Shell")

'Deleting all previous log/xml files
For Each oFile In objFSO.GetFolder(Maindir).Files 
    If LCase(objFSO.GetExtensionName(oFile.Name))= "log" or LCase(objFSO.GetExtensionName(oFile.Name)) = "xml" Then
        If  oFile.Name <> "CommandLine.xml" Then
            Deleteme = Maindir+"\"+oFile
            objFSO.DeleteFile oFile
        End If
    End If
next    

'Running the Intel detector
WSHShell.Run Maindir + "\" + Executable , 0, True
Set objShell = Nothing
WScript.Sleep 3000

'Setting the logfile to read
For Each oFile In objFSO.GetFolder(Maindir).Files 
    If LCase(objFSO.GetExtensionName(oFile.Name))= "log" Then
        If  oFile.Name <> "CommandLine.xml" Then
            Readme = oFile
        End If
    End If
next

Set objTextFile = objFSO.OpenTextFile(Readme, ForReading)

'Reading the logfile and determining if the prosessor is affected.
VStatus = "Undetermined"
do until objTextFile.AtEndOfStream
    strLine = objTextFile.ReadLine()
    If Left(strLine, 7) = "Status:" Then
        If InStr(strLine, NotVulnerable) <> 0 then
            VStatus = "OK"
            StatusLine = strLine
        End If

        If InStr(strLine, Vulnerable) <> 0 then
            VStatus = "NOK"
            StatusLine = strLine
        End If
    End If
    If Left(strLine, 24) = "Status: Detection Error:" Then 
        VStatus = "Undetermined"
        StatusLine = strLine
    End If
loop

'The FINAL RESULTS:
If VStatus = "OK" then
    Wscript.Echo VStatus + ": Not Vulnerable  -> From File: " + StatusLine
    Wscript.Quit(1)
ElseIf VStatus = "NOK" then
    Wscript.Echo VStatus + ": Vulnerable -> From File: " + StatusLine
    Wscript.Quit(3)
Else
    Wscript.Echo VStatus + ": May be Vulnerable  -> From File: " + StatusLine
    Wscript.Quit(2)
End If


objTextFile.Close

要测试此脚本,您必须下载Windows Vulnerability Detection tool from Intel's Website。下载后,解压缩zip文件并将此脚本放在DiscoveryTool文件夹中,然后双击运行它。该脚本将告知您的cpu是否受英特尔®管理引擎漏洞的影响。

编辑:我进一步尝试直接从NSClient执行.exe,它给了我Commandline.dll auth失败错误。

nsc.ini命令:

icvy=C:\WINDOWS\NSClient\scripts\DiscoveryTool\Intel-SA-00086-console.exe

输出:

l NSClient++.cpp(456) Enter command to inject or exit to terminate...
icvy
d NSClient++.cpp(1106) Injecting: icvy:
e \CheckExternalScripts.cpp(188) The command (C:\WINDOWS\NSClient\scripts\DiscoveryTool\Intel-SA-00086-console.exe) retu
rned an invalid return code: 11
d NSClient++.cpp(1142) Injected Result: WARNING 'Error: The file 'CommandLine.dll' authentication has failed.'
d NSClient++.cpp(1143) Injected Performance Result: ''
WARNING:Error: The file 'CommandLine.dll' authentication has failed.

1 个答案:

答案 0 :(得分:0)

尝试将当前工作目录设置为包含可执行文件的目录。在我这样做之前,我看到了同样的错误消息。在VBScript中,我收集的内容类似于:

WSHShell.CurrentDirectory = Maindir
WSHShell.Run Maindir + "\" + Executable , 0, True